Joshua Miller reports: A data mix-up on a state tax portal inadvertently made private data from about 16,500 business taxpayers viewable to other companies, potentially even competitors. The breach lasted from Aug. 7, 2017, through Jan. 23, 2018, and allowed some companies to view other business’s names, federal employer identification numbers, tax payments, and other…
Category: Exposure
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
This time, students’ records left behind
Barb Ickes writes: The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox. I didn’t read it. Finding it in my email felt wrong enough. But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost…
RoxSan Pharmacy Notifies Patients of Breach That Occurred in 2015
There are a number of unanswered questions about an incident disclosed by RoxSan Pharmacy today. See what you think, starting with their press release of today: As part of its commitment to patient privacy, RoxSan Pharmacy (“RoxSan”) notified 1,049 patients of a potential breach of unsecured personal patient protected health information. RoxSan is notifying affected…
The strange case of the data breach that stayed online for a month
So the headline’s a bit of clickbait as there’s nothing really strange going on, but it’s still a useful reminder situation….. Simon Sharwood and Kat Hall report on a case where someone found a spread sheet exposed/indexed by Google. And although the company believed that they had gotten everything removed, weeks later it was still…
KY: Livingston County Schools teachers, staff fear identity theft
Blake Stevens and Randall Barnes report: Many teachers, bus drivers, custodians, and other school staff in Livingston County fear their identities may have been stolen. Superintendent Victor Zimmerman apologized Monday night for unknowingly posting payroll information with social security numbers on the Livingston County school district’s website. The breach was part of an attachment for…